I've hit this before and so have some users. When trying to load https://getfedora.org/coreos/download/, Firefox is unable to load the stream metadata because of CORS:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://builds.coreos.fedoraproject.org/streams/stable.json. (Reason: CORS request did not succeed).
builds.coreos.fp.org is a CloudFront endpoint for the fcos-builds bucket. The bucket itself has a permissive CORS rule:
builds.coreos.fp.org
fcos-builds
<?xml version="1.0" encoding="UTF-8"?> <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"> <CORSRule> <AllowedOrigin>*</AllowedOrigin> <AllowedMethod>GET</AllowedMethod> <MaxAgeSeconds>3000</MaxAgeSeconds> <AllowedHeader>*</AllowedHeader> </CORSRule> </CORSConfiguration>
So I'm thinking it might be something missing in the CloudFront configuration. And indeed it does have some "caching" behaviours to it; it mostly shows up after updating that JSON file during releases, and it eventually goes away (something like CloudFront not passing through CORS headers on the first cache miss maybe?).
Not urgent, but prevents some users from reaching the Fedora CoreOS download page.
Metadata Update from @smooge: - Issue priority set to: Waiting on Assignee (was: Needs Review)
Metadata Update from @smooge: - Issue tagged with: aws
I found this: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/header-caching.html#header-caching-web-cors
and set the cloudfront settins as suggested.
Do you have any way to test? Or should we close this and re-open if it happens again?
Thanks for looking into this!
I think we can close it and see if it happens again on the next FCOS release.
Metadata Update from @jlebon: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.